
RE: SASL DIGEST-MD5 auth. and multiple attempts (ITS#2803)

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of sfandino@yahoo.com

> Full_Name: Salvador Fandino
> Version: 2.1.23
> OS: Linux 2.2
> URL:
> Submission from: (NULL) (
> Hi,
> I have a server that uses SASL Digest MD5 authentication and
> have found that...
> 1- If the user uses his correct name and password for the
> first time it tries to
> authenticate, OpenLDAP authenticates it ok
> 2- but when he uses bad username or password the first time,
> OpenLDAP will also
> refuse to authenticate the user on later attempts if the same
> nonce is used.

The nonce cannot be re-used. After a failed authentication attempt the SASL
context (which provided the original nonce) is disposed of. You have to
re-start the Bind sequence from the initial request. This is not an OpenLDAP
bug, this report will be closed.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
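
The behaviour described in the reply above, as an added example that is not part of the original message and is not OpenLDAP or Cyrus SASL code: a toy server keeps one context per nonce and disposes of it after a single response, so a correct password sent with the old nonce still fails and only a restarted Bind succeeds. `ToyServer`, `demo`, the realm, the user and the passwords are hypothetical, constructed names and data; the response computation follows RFC 2831 for `qop=auth`.

```python
import hashlib, hmac, secrets

def _hex_md5(data):
    return hashlib.md5(data).hexdigest().encode()

def digest_response(user, realm, password, nonce, cnonce, uri):
    """RFC 2831 response value for qop=auth, nc=00000001, no authzid."""
    a1 = hashlib.md5(b":".join([user, realm, password])).digest()
    a1 += b":" + nonce + b":" + cnonce
    a2 = b"AUTHENTICATE:" + uri
    tail = b":".join([nonce, b"00000001", cnonce, b"auth", _hex_md5(a2)])
    return _hex_md5(_hex_md5(a1) + b":" + tail)

class ToyServer:
    """Hypothetical model: one SASL context per Bind sequence, keyed by nonce."""
    def __init__(self, realm, users):
        self.realm, self.users, self.contexts = realm, users, set()

    def challenge(self):
        nonce = secrets.token_hex(16).encode()
        self.contexts.add(nonce)          # context exists until one response arrives
        return nonce

    def respond(self, user, nonce, cnonce, uri, response):
        if nonce not in self.contexts:
            return False                  # unknown or already-disposed nonce
        self.contexts.discard(nonce)      # disposed of on success and on failure
        expected = digest_response(user, self.realm, self.users.get(user, b""),
                                   nonce, cnonce, uri)
        return user in self.users and hmac.compare_digest(expected, response)

def demo():
    srv = ToyServer(b"example.com", {b"alice": b"correct-pw"})  # constructed data
    uri, cnonce = b"ldap/ldap.example.com", b"constructed-cnonce"
    n1 = srv.challenge()
    bad = digest_response(b"alice", srv.realm, b"wrong-pw", n1, cnonce, uri)
    good = digest_response(b"alice", srv.realm, b"correct-pw", n1, cnonce, uri)
    first = srv.respond(b"alice", n1, cnonce, uri, bad)    # wrong password
    retry = srv.respond(b"alice", n1, cnonce, uri, good)   # right password, old nonce
    n2 = srv.challenge()                                   # restart the Bind sequence
    good2 = digest_response(b"alice", srv.realm, b"correct-pw", n2, cnonce, uri)
    restart = srv.respond(b"alice", n2, cnonce, uri, good2)
    return first, retry, restart

if __name__ == "__main__":
    print(demo())
```

Disposing of the context on every response, not only on success, is what keeps a nonce from serving as a reusable challenge for repeated password guesses or a replayed response.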